CWE-732
High likelihood
Incorrect Permission Assignment for Critical Resource
Parent: CWE-285 - Improper Authorization
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1,664 vulnerabilities with CWE-732
CVE-2020-11831
CRITICAL
OvoiceManager 2.0.1 - Incorrect Permission Assignment for Critical Resource
CVSS 9.8
CVE-2020-28914
HIGH
Kata Containers < 1.11.5 - Improper File Permissions in Kubernetes hostPath Volume
CVSS 7.1
CVE-2020-24525
HIGH
Intel(R) NUC - Privilege Escalation
CVSS 7.8
CVE-2020-16990
MEDIUM
Azure Sphere < 20.07 - Information Disclosure via Incorrect Permission Assignment
CVSS 6.2
CVE-2020-24367
HIGH
BlueStacks 4-4.230 - Privilege Escalation
CVSS 7.8
CVE-2020-28055
HIGH
TCL Android Smart TV < V8-R851T02-LF1 V295 - Unauthenticated Arbitrary File Write via /data/vendor/upgrade
CVSS 7.8
CVE-2020-3595
HIGH
Cisco SD-WAN < 20.1.2 - Authenticated Privilege Escalation via Incorrect Command Permissions
CVSS 7.8
CVE-2020-17490
MEDIUM
SaltStack Salt <3002 - Info Disclosure
CVSS 5.5
CVE-2020-15708
CRITICAL
Ubuntu 20.04 LTS - Incorrect Permission Assignment for Critical Resource in libvirt Control Socket
CVSS 9.3
CVE-2020-27992
HIGH
Wondershare Dr.Fone 3.0.0 - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2020-27658
HIGH
Synology Router Manager <1.2.4-8081 - Info Disclosure
CVSS 7.1
CVE-2020-26133
HIGH
Dual DHCP DNS Server 7.40 - Privilege Escalation via Executable Replacement
CVSS 7.8
CVE-2020-26132
HIGH
Home DNS Server 0.10 - Unauthenticated Privilege Escalation via Binary Replacement
CVSS 7.8
CVE-2020-26131
HIGH
Open DHCP Server 1.75 and Open DHCP Server (LDAP Based) 0.1Beta - Privilege Escalation via Binary Replacement
CVSS 7.8
CVE-2020-26130
HIGH
Open TFTP Server 1.66 - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2020-10140
HIGH
Acronis True Image 2021 - Uncontrolled Search Path Element via Insecure Directory Permissions
CVSS 7.8
CVE-2020-15910
MEDIUM
SolarWinds N-Central < 12.3 - Session Cookie Exposure via Missing HTTPOnly Attribute
CVSS 4.7
CVE-2020-0410
MEDIUM
Android - Permission Bypass via PendingIntent Error in SapServer
CVSS 5.5
CVE-2020-17415
HIGH
Foxit PhantomPDF 10.0.0.35798 - Privilege Escalation
CVSS 7.8
CVE-2020-17414
HIGH
Foxit Reader 10.0.0.35798 - Privilege Escalation
CVSS 7.8
CVE-2020-15250
MEDIUM
JUnit4 4.7-4.13 - Local Information Disclosure via TemporaryFolder Rule
CVSS 4.4
CVE-2020-26932
MEDIUM
Debian Sympa <6.2.40~dfsg-7 - Privilege Escalation
CVSS 4.3
CVE-2020-15838
HIGH
ConnectWise Automate < 2020.8 - Privilege Escalation via Weak _LTUPDATE Folder Permissions
CVSS 8.8
CVE-2020-9048
HIGH
American Dynamics victor Web Client < 5.4.1 and Software House CCURE Web Client < 2.80 - Arbitrary File Deletion and DoS
CVSS 7.1
CVE-2020-12302
HIGH
Intel Driver & Support Assistant < 20.7.26.7 - Authenticated Privilege Escalation via Local Access
CVSS 7.8
Details
Vulnerabilities: 1,664
Exploit Likelihood: High